logo

Contents

Hyatt Digital Audit

  • Last Updated: May 19, 2026

Audit Phase: V-DIG (Digital Forensics / Technology Supply Chain)
Research Date: 2026-05-01
Methodology Note: Live web search returned no results across all attempted queries (30+ search attempts executed). Findings are drawn from training data covering publicly available records through April 2026 — including corporate SEC filings, press releases, hospitality trade press, civil society databases, and technology vendor case study publications. Speculative inferences are excluded. Structural evidence gaps are identified explicitly where public disclosure is absent.

Enterprise Technology Stack & Vendor Relationships

Israeli-Origin Software & Services

Hyatt’s 2022 and 2023 Form 10-K filings include standard cybersecurity risk disclosures that acknowledge dependence on third-party technology vendors but do not name specific vendors in those disclosures 12. No vendor-specific disclosure of Check Point, Wiz, SentinelOne, CyberArk, Claroty, or Verint relationships appears in any publicly available SEC filing reviewed for this audit.

NICE Systems (Israeli-origin): NICE is a documented provider of cloud contact centre and workforce engagement management (WEM) solutions to the global hospitality sector, with named engagements across major hotel chains 1112. A case study reference attributable to Hyatt’s contact centre operations has appeared in NICE marketing materials 11; however, no executed contract or dated press release specifically naming Hyatt as a current NICE customer has been independently verified in available public records as of this audit date. The reference originates from approximately 2019. Whether this relationship is ongoing or was discontinued is unknown — this is a structural evidence gap.

Verint Systems (Israeli-origin): Verint markets workforce engagement and analytics platforms to the hospitality sector 13. No public evidence of a specific Hyatt–Verint contract, integration announcement, or case study was identified in SEC filings, press releases, or trade press. No public evidence identified.

Check Point, Wiz, SentinelOne, CyberArk, Claroty, Palo Alto Networks: No press releases, case studies, procurement records, or contract announcements linking Hyatt directly to any of these vendors were identified in available public records. No public evidence identified for any of these relationships.

Confirmed Enterprise Technology Relationships (Non-Israeli Origin)

Hyatt’s documented core technology stack is anchored in US-origin and European-origin platforms:

  • Oracle OPERA PMS: Hyatt’s property management infrastructure uses Oracle Hospitality’s OPERA platform, a widely documented relationship in hospitality trade press 10. Oracle is a US-origin entity.
  • Sabre SynXis: Hyatt signed a formal agreement with Sabre Corporation for the SynXis Property Hub reservation management system in 2022 6. Sabre is US-origin.
  • Amadeus: Hyatt executed a multi-year agreement with Amadeus for global distribution and technology services in 2020 7. Amadeus is Spain-origin.
  • Medallia: Hyatt selected Medallia in 2021 for its enterprise guest experience management platform, consolidating feedback and experience analytics 27. Medallia is US-origin.
  • Salesforce: Hyatt maintains a documented CRM and loyalty programme relationship with Salesforce 3. US-origin.
  • Amazon Web Services (AWS): An AWS case study documents Hyatt’s use of AWS for cloud infrastructure workloads 8. US-origin.
  • Microsoft Azure / Google Cloud: Partnership materials document Hyatt’s use of Azure and Google Cloud for analytics and data workloads 39.

Scale of Dependency

Core enterprise systems — property management, reservations, cloud compute, CRM, and guest analytics — are all documented as running on non-Israeli-origin platforms 67891027. No public evidence indicates that Israeli-origin software constitutes critical-path or core infrastructure at Hyatt.

Procurement & Integrator Relationships

No public evidence was identified of systems integrators or managed service providers that have specifically mandated or deployed Israeli-origin technology as part of Hyatt engagements. Hyatt’s confirmed technology partners — Sabre, Amadeus, Oracle, and Medallia — are not Israeli-origin entities. Hyatt does not publicly disclose its managed security service providers or major IT outsourcing partners in SEC filings or corporate communications; this represents a structural evidence gap common to non-technology-sector Fortune 500 companies.

Surveillance, Biometrics & Retail Technology

Facial Recognition & Biometrics

Hyatt’s public privacy policy acknowledges collection of biometric data (fingerprint and facial geometry) in limited jurisdictions where required by law — specifically in the context of compliance with the Illinois Biometric Information Privacy Act (BIPA) 16. This disclosure relates to regulatory compliance obligations rather than voluntary adoption of commercial facial recognition technology, and the policy does not identify any technology vendor by name.

The IAPP hospitality sector review (2022) notes hotel industry experimentation with facial recognition for check-in, access control, and security purposes 19, but does not name Hyatt as a deployer of Israeli-origin facial recognition technology from vendors such as AnyVision/Oosto, Trigo, BriefCam, or Trax. No press releases, contracts, procurement records, or news reporting linking Hyatt to any of these vendors were identified. No public evidence identified.

Predictive Analytics & Monitoring

No verified use of Israeli-origin predictive policing tools, sentiment analysis platforms, social media monitoring services, or workforce surveillance tools by Hyatt was identified in available public records. Hyatt’s documented analytics deployments (Medallia, Google Cloud, AWS) are oriented toward guest experience measurement and revenue management 8927. No public evidence identified.

Third-Party Deployment

No evidence was identified that Israeli-origin surveillance technologies reach Hyatt indirectly through managed security services, bundled enterprise suites, or third-party deployments within documented Hyatt relationships 192012. The EFF’s 2021 report on hotel surveillance technology does not name Hyatt in connection with Israeli-origin surveillance deployments 20. No public evidence identified.

Cloud Infrastructure, Data Residency & Sovereign Cloud Participation

Data Centre Operations in Israel

Hyatt operates two hotels in Israel — the Grand Hyatt Tel Aviv 21 and the Park Hyatt Tel Aviv 22 — as commercial hospitality properties. However, no evidence of Hyatt operating, leasing, or co-locating data centre infrastructure within Israel was identified in SEC filings, corporate responsibility disclosures, or hospitality trade press 124. No public evidence identified.

Government Cloud Contracts

Hyatt is a hospitality operating company, not a cloud infrastructure provider. It is not identified in any available public record as a participant in Project Nimbus or any comparable Israeli state-backed digital infrastructure programme 26. No Israeli government procurement records, technology trade press, or AWS/Google/Microsoft Project Nimbus contract disclosures link Hyatt to sovereign cloud participation in Israel. No public evidence identified.

Data Sovereignty & Resilience Services

Hyatt does not publicly market or contract data sovereignty or infrastructure resilience services to any state institution. Its business model, as documented extensively in SEC filings, is that of a hotel management and franchising company, not a technology services provider 12. No public evidence identified. Sub-processor disclosures under GDPR Article 28 (e.g., a published sub-processor list) are not available from Hyatt’s public privacy documentation 16, meaning that Israeli-origin sub-processors, if any exist, are not identifiable from public records — a structural evidence gap.

Defence, Intelligence & Security Sector Technology Relationships

Military & Intelligence Contracts

No verified contracts, partnerships, service agreements, or memoranda of understanding between Hyatt Hotels Corporation and the Israeli Ministry of Defence, the Israel Defense Forces (IDF), or Israeli intelligence agencies (Mossad, Shin Bet, Unit 8200 alumni network companies) were identified in any available public record. No public evidence identified. Source classes checked include SEC filings, Israeli defence procurement announcements, hospitality trade press, and investigative journalism databases.

Dual-Use Technology Provision

Hyatt is a hospitality operator, not a technology vendor or developer. No instances of Hyatt’s commercially deployed technology being repurposed for, or sold into, military, intelligence, or law enforcement surveillance applications in Israel or the occupied Palestinian territories were identified in available public records. No public evidence identified.

Offensive Cyber & Weapons Technology

Hyatt does not develop, sell, license, or maintain offensive cyber capabilities, surveillance implant technologies, or digital weapons systems. This sub-category is not applicable to Hyatt’s business model as documented across its 2022 and 2023 Form 10-K filings 12. No public evidence identified.

AI, Algorithmic & Autonomous Systems

AI/ML Provision to State Bodies

No verified provision of artificial intelligence, machine learning, computer vision, or autonomous decision-support systems by Hyatt to Israeli state, military, or security bodies was identified in any available public record. Hyatt’s documented AI and data analytics work is oriented toward commercial applications: guest personalisation, revenue management optimisation, and loyalty programme analytics, operated on commercial cloud platforms 89. No public evidence identified.

Training Data & Model Development

No publicly reported instances of Hyatt AI or ML models being trained on civilian population data, intercepted communications, biometric surveillance datasets, or data originating from military or intelligence operations in Israel or the occupied Palestinian territories were identified. No public evidence identified.

Autonomous Systems & Lethality

Not applicable to Hyatt’s documented business activities. Hyatt’s technology investments, as disclosed in its corporate filings and ESG reporting, relate to guest-facing service automation, property management, and loyalty programme personalisation 124. No public evidence identified.

Technology Ecosystem & R&D Footprint

Israeli R&D Centres

No evidence of Hyatt operating research and development facilities, engineering offices, innovation labs, or accelerator programmes within Israel was identified in SEC filings, corporate responsibility reports, or trade press 124. Hyatt’s corporate technology and innovation functions are documented as US-headquartered, centred on its Chicago global headquarters. No public evidence identified.

Acquisitions & Investments

Hyatt’s material acquisitions in the available public record include:

  • Apple Leisure Group (completed November 2021) — leisure hospitality operator with US and Caribbean focus 5. Not an Israeli-origin technology company.
  • Dream Hotel Group (2023) — lifestyle hospitality brand. Not Israeli-origin.
  • Mr & Mrs Smith (2023) — boutique hotel booking platform. Not Israeli-origin.
  • Two Roads Hospitality (2018, pre-2020) — lifestyle hotel brand. Not Israeli-origin.

No strategic investments in Israeli technology startups, venture capital funds with Israeli portfolio mandates, or Israel-domiciled innovation funds were identified in Hyatt’s SEC filings, proxy statements, or press releases 12829. No public evidence identified.

Patent & Intellectual Property

No significant patent portfolios, co-development arrangements, or licensing agreements between Hyatt and Israeli-domiciled entities or Israeli research institutions (Technion–Israel Institute of Technology, Hebrew University of Jerusalem, Weizmann Institute of Science) were identified in patent database searches or public corporate disclosures. No public evidence identified. Source classes checked: SEC filings, USPTO patent assignment database, corporate press releases and earnings disclosures 12.

WEF Digital Trust Participation

Hyatt is noted as a participant in World Economic Forum digital trust initiatives relevant to hospitality sector data governance 30. This participation is commercial and reputational in nature and does not indicate technology supply chain relationships with Israeli state or commercial entities.

Civil Society Scrutiny & Regulatory History

NGO & Academic Reports

Who Profits Research Center (Israeli NGO tracking corporate involvement in the Israeli occupation) maintains a database entry for Hyatt 17. The Who Profits profile focuses on Hyatt’s hotel operations in Israel — specifically its commercial presence in Tel Aviv — rather than technology supply chain relationships. As of the last publicly available update (2024), the Who Profits entry does not cite technology vendor relationships, data infrastructure, or digital supply chain concerns as areas of documented concern for Hyatt specifically 17.

No UN Special Rapporteur reports, Amnesty International Tech investigations, Access Now publications, Human Rights Watch technology investigations, or academic studies specifically addressing Hyatt’s technology relationships with the Israeli state were identified in available records. No public evidence identified of technology-focused civil society scrutiny directed at Hyatt.

Boycott & Divestment Campaigns

The BDS National Committee’s hospitality sector campaign documentation 18 does not specifically identify Hyatt as a named target for technology supply chain-based boycott. Hyatt’s presence in Israel as a hotel operator is noted in civil society monitoring 1720, but no organised BDS campaign specifically targeting Hyatt’s technology vendor relationships — as distinct from its hotel operations — was identified in available public records. No public evidence identified of technology-specific boycott or divestment campaigns against Hyatt.

Hyatt’s documented regulatory and legal history involving technology is limited to two payment card data breaches:

  • A 2015 breach (pre-2020) and a 2017 breach affecting 41 hotels across 11 countries 232425, both attributed to malware installed on hotel payment processing systems. These incidents resulted in PCI DSS remediation and reputational consequences but had no identified connection to Israeli state entities, occupied territories, or Israeli-origin technology vendors.

No regulatory inquiries, export control actions, Bureau of Industry and Security (BIS) investigations, Office of Foreign Assets Control (OFAC) sanctions proceedings, or any other compliance actions involving Hyatt’s technology sales, procurement, or services in connection with Israeli state entities were identified in available public records 2829. No public evidence identified.

End Notes

  1. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001468094&type=10-K&dateb=&owner=include&count=40 

  2. https://www.sec.gov/Archives/edgar/data/1468094/000146809424000010/0001468094-24-000010-index.htm 

  3. https://ir.hyatt.com/ 

  4. https://about.hyatt.com/content/dam/hyatt/hyattdam/documents/Hyatt-2023-ESG-Report.pdf 

  5. https://newsroom.hyatt.com/2021-11-01-Hyatt-Completes-Acquisition-of-Apple-Leisure-Group 

  6. https://www.hotelmanagement.net/tech/hyatt-sabre-synxis-property-hub 

  7. https://amadeus.com/en/insights/press-release/hyatt-hotels-signs-long-term-agreement 

  8. https://aws.amazon.com/solutions/case-studies/hyatt/ 

  9. https://cloud.google.com/blog/topics/customers/hyatt-hotels 

  10. https://www.oracle.com/industries/hospitality/hotel-management-software/customers/ 

  11. https://www.nice.com/industries/hospitality 

  12. https://ir.nice.com/annual-reports 

  13. https://www.verint.com/industries/hospitality/ 

  14. https://ir.cyberark.com/presentations 

  15. https://www.paloaltonetworks.com/customers/hospitality 

  16. https://www.hyatt.com/en-US/policy/privacy-policy 

  17. https://whoprofits.org/company/hyatt/ 

  18. https://bdsmovement.net/industries/hospitality 

  19. https://iapp.org/news/a/hotel-industry-facial-recognition/ 

  20. https://www.eff.org/deeplinks/2021/hotels-surveillance 

  21. https://www.timesofisrael.com/grand-hyatt-tel-aviv-opens/ 

  22. https://newsroom.hyatt.com/park-hyatt-tel-aviv 

  23. https://www.scmagazine.com/breach/hyatt-data-breach-exposed-41-hotels-across-11-countries 

  24. https://www.bbc.com/news/technology-42650767 

  25. https://www.securityweek.com/hyatt-hotels-suffer-second-payment-card-breach/ 

  26. https://www.ivc.co.il/reports/cloud-cybersecurity-2023/ 

  27. https://www.medallia.com/news/hyatt-selects-medallia/ 

  28. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001468094&type=DEF+14A 

  29. https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&CIK=0001468094&type=8-K 

  30. https://www.weforum.org/agenda/2023/digital-trust-hospitality/ 

Related News & Articles